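How to fix a Unity HTTPS WebRequest that fails with "The authentication or decryption has failed"

When Unity makes an HTTPS request with WebRequest, it reports the following error: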

System.Net.WebException: Error getting response stream (Write: The authentication or decryption has failed.): SendFailure ---> System.IO.IOException: The authentication or decryption has failed. ---> Mono.Security.Protocol.Tls.TlsException: Invalid certificate received from server. Error code: 0xffffffff800b010f
  at Mono.Security.Protocol.Tls.Handshake.Client.TlsServerCertificate.validateCertificates (Mono.Security.X509.X509CertificateCollection certificates) [0x00000] in :0 
  at Mono.Security.Protocol.Tls.Handshake.Client.TlsServerCertificate.ProcessAsTls1 () [0x00000] in :0 
  at Mono.Security.Protocol.Tls.Handshake.HandshakeMessage.Process () [0x00000] in :0 
  at (wrapper remoting-invoke-with-check) Mono.Security.Protocol.Tls.Handshake.HandshakeMessage:Process ()
  at Mono.Security.Protocol.Tls.ClientRecordProtocol.ProcessHandshakeMessage (Mono.Security.Protocol.Tls.TlsStream handMsg) [0x00000] in :0 
  at Mono.Security.Protocol.Tls.RecordProtocol.InternalReceiveRecordCallback (IAsyncResult asyncResult) [0x00000] in :0 
  --- End of inner exception stack trace ---
  at Mono.Security.Protocol.Tls.SslStreamBase.AsyncHandshakeCallback (IAsyncResult asyncResult) [0x00000] in :0 
  --- End of inner exception stack trace ---
  at System.Net.HttpWebRequest.EndGetResponse (IAsyncResult asyncResult) [0x00000] in :0 
  at System.Net.HttpWebRequest.GetResponse () [0x00000] in :0 
  at DownloadHelper.HttpRequest (System.String url, System.String saveFullPath) [0x00000] in :0 

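Cause

The .NET Framework on Windows uses the Windows certificate store (mmc, Add/Remove Snap-ins, Certificates) to decide whether to accept an SSL certificate from a remote site. Windows ships with a large number of root and intermediate certificate authorities (CAs), and they are updated periodically through Windows Update. So if the server's SSL certificate was issued by a CA in the certificate store, or by a descendant of one (this includes most reputable commercial CAs), .NET code will generally trust it.
Mono has no Windows certificate store.
mozroots.exe makes the Mono installation trust everything that Firefox trusts after a default install.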

Solution

Before making the request, just add the following lines:

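// Register the callback once, before the first HTTPS request. Requires
// System, System.Net, System.Net.Security and
// System.Security.Cryptography.X509Certificates.
ServicePointManager.ServerCertificateValidationCallback = MyRemoteCertificateValidationCallback;

public bool MyRemoteCertificateValidationCallback(System.Object sender,
    X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
{
    bool isOk = true;
    // If there are errors in the certificate chain,
    // look at each error to determine the cause.
    // Note: when ChainStatus is empty (for example, only a host name mismatch
    // was reported), the loop never runs and the certificate is accepted.
    if (sslPolicyErrors != SslPolicyErrors.None) {
        for (int i = 0; i < chain.ChainStatus.Length; i++) {
            // Revocation status could not be determined: skip this status.
            if (chain.ChainStatus[i].Status == X509ChainStatusFlags.RevocationStatusUnknown) {
                continue;
            }
            // Rebuild the chain with online revocation checking for the whole chain.
            chain.ChainPolicy.RevocationFlag = X509RevocationFlag.EntireChain;
            chain.ChainPolicy.RevocationMode = X509RevocationMode.Online;
            chain.ChainPolicy.UrlRetrievalTimeout = new TimeSpan (0, 1, 0);
            // AllFlags sets every "ignore" verification flag, so the rebuilt chain
            // tolerates errors such as an unknown CA or an expired certificate.
            chain.ChainPolicy.VerificationFlags = X509VerificationFlags.AllFlags;
            bool chainIsValid = chain.Build ((X509Certificate2)certificate);
            if (!chainIsValid) {
                isOk = false;
                break;
            }
        }
    }
    return isOk;
}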

In practice

using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

public HttpWebRequest MakeWebRequest(string url)
{
    HttpWebRequest request = null;
    if (url.StartsWith("https", StringComparison.OrdinalIgnoreCase))
    {
        // The callback is process-wide: it applies to every HTTPS request
        // made through ServicePointManager, not only to this one.
        ServicePointManager.ServerCertificateValidationCallback = new RemoteCertificateValidationCallback(CheckValidationResult);
        request = WebRequest.Create(url) as HttpWebRequest;
        request.ProtocolVersion = HttpVersion.Version11;
    }
    else
    {
        request = WebRequest.Create(url) as HttpWebRequest;
    }
    return request;
}


// Accepts every certificate without checking it: the connection is still
// encrypted, but the server's identity is no longer verified.
private static bool CheckValidationResult(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors errors)
{
    return true;
}
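
As an added example (not code from the original post), the callback below can take the place of CheckValidationResult when the Mono trust store is empty: it tolerates a chain error only for a listed host that presents a pinned certificate, and still rejects a missing certificate or a host name mismatch. The class name PinnedTls, the host downloads.example.com and the pin value are placeholders, and the code assumes that sender is the HttpWebRequest being validated.

```csharp
using System;
using System.Collections.Generic;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

public static class PinnedTls
{
    // Hypothetical host and placeholder pin: replace the value with the SHA-256
    // of your server certificate's DER bytes (hex, no separators).
    static readonly Dictionary<string, string> Pins =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
    {
        { "downloads.example.com", "<SHA256-OF-SERVER-CERT-DER>" },
    };

    public static void Install()
    {
        ServicePointManager.ServerCertificateValidationCallback = Validate;
    }

    public static string Sha256Hex(byte[] data)
    {
        using (SHA256 sha = SHA256.Create())
            return BitConverter.ToString(sha.ComputeHash(data)).Replace("-", "");
    }

    public static bool Validate(object sender, X509Certificate certificate,
        X509Chain chain, SslPolicyErrors errors)
    {
        // The platform already trusts the chain and the host name matches.
        if (errors == SslPolicyErrors.None) return true;
        // No certificate, or one issued for a different host: never accept.
        if (certificate == null) return false;
        if ((errors & (SslPolicyErrors.RemoteCertificateNotAvailable |
                       SslPolicyErrors.RemoteCertificateNameMismatch)) != 0)
            return false;
        // Only a chain error remains (for example, Mono has no trusted roots).
        // Accept it solely for a pinned host presenting the pinned certificate.
        HttpWebRequest request = sender as HttpWebRequest;
        string pin;
        if (request == null || !Pins.TryGetValue(request.Address.Host, out pin))
            return false;
        string actual = Sha256Hex(certificate.GetRawCertData());
        return string.Equals(actual, pin, StringComparison.OrdinalIgnoreCase);
    }
}
```

Call PinnedTls.Install() once before the first request; until the placeholder pin is replaced, every certificate with a chain error is rejected.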


Common HTTP status codes: https://www.jianshu.com/p/369db1ba04ea
